PDA

View Full Version : Generic host win32 error.....help

paul_danzig
August 13th, 2006, 11:10 PM
A message keeps coming up saying generic host win32 error.....i look at the results and it leaves a svchost.exe in my local\tempfolder\wer2.tmp.dir00

it only happens when im connected to the internet also it won't let me disconnect from the internet....but it does let me browse the internet also
so the internet conncetion is still there but does not let me browse

here is my hijack.....

please help me

Logfile of HijackThis v1.99.1
Scan saved at 3:01:20 PM, on 8/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BPK\bpk.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\ExeFiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:5222
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C7B59D1-FD6A-45E0-9D69-E6278A622E35}: NameServer = 69.50.161.131,85.255.112.10
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

thanks
sheldondsouza
August 14th, 2006, 09:54 AM
Please specify the error in detail for us to debug your problem. Post your log in the hijack log side for better consultation.
Go in event viewer and see and post the detailed error
ritual
August 14th, 2006, 10:11 AM
http://support.microsoft.com/?kbid=894391

Maybe this should help
paul_danzig
August 14th, 2006, 06:42 PM
ok in detial here you go and thanks for the replies so far

ok the error only comes up when im connected to the internet
and the erorr seem to make me loose my connection but i can not reconnect either so i have to restart my computer to be online again...
the error also leaves a trace on my computer it leaves 2 svchost.exe hdmp and svchost.exe mdmp and a appcompat.txt also in my temp folder the txt says this....

appcomat.txt
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="558080" CHECKSUM="0x7B6E5DDA" BIN_FILE_VERSION="5.1.2600.1106" BIN_PRODUCT_VERSION="5.1.2600.1106" PRODUCT_VERSION="5.1.2600.1106" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1106 (xpsp1.020828-1920)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x9315E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1106" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1106" LINK_DATE="08/29/2002 10:40:40" UPTO_LINK_DATE="08/29/2002 10:40:40" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="260608" CHECKSUM="0x4D3D2733" BIN_FILE_VERSION="5.1.2600.1789" BIN_PRODUCT_VERSION="5.1.2600.1789" PRODUCT_VERSION="5.1.2600.1789" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1789 (xpsp2.051228-1438)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x40572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1789" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1789" LINK_DATE="01/02/2006 22:38:03" UPTO_LINK_DATE="01/02/2006 22:38:03" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="930816" CHECKSUM="0xF60887C3" BIN_FILE_VERSION="5.1.2600.1560" BIN_PRODUCT_VERSION="5.1.2600.1560" PRODUCT_VERSION="5.1.2600.1560" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1560 (xpsp2_gdr.040517-1325)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xEC3A9" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1560" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1560" LINK_DATE="06/17/2004 17:58:35" UPTO_LINK_DATE="06/17/2004 17:58:35" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="654336" CHECKSUM="0xC568C00F" BIN_FILE_VERSION="5.1.2600.1217" BIN_PRODUCT_VERSION="5.1.2600.1217" PRODUCT_VERSION="5.1.2600.1217" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1217 (xpsp2.030429-2131)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA5841" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1217" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1217" LINK_DATE="05/01/2003 23:56:10" UPTO_LINK_DATE="05/01/2003 23:56:10" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1190400" CHECKSUM="0xEB939D14" BIN_FILE_VERSION="5.1.2600.1720" BIN_PRODUCT_VERSION="5.1.2600.1720" PRODUCT_VERSION="5.1.2600.1720" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1720 (xpsp2.050722-1526)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x12617E" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1720" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1720" LINK_DATE="07/26/2005 04:31:13" UPTO_LINK_DATE="07/26/2005 04:31:13" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="569344" CHECKSUM="0x276CFFB1" BIN_FILE_VERSION="3.50.5016.0" BIN_PRODUCT_VERSION="3.50.5016.0" PRODUCT_VERSION="3.50.5016.0" FILE_DESCRIPTION="Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems" FILE_VERSION="3.50.5016.0" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-1999." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x999AF" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.50.5016.0" UPTO_BIN_PRODUCT_VERSION="3.50.5016.0" LINK_DATE="08/29/2002 10:40:34" UPTO_LINK_DATE="08/29/2002 10:40:34" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8348672" CHECKSUM="0xF5BA536D" BIN_FILE_VERSION="6.0.2800.1751" BIN_PRODUCT_VERSION="6.0.2800.1751" PRODUCT_VERSION="6.00.2800.1751" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2800.1751 (xpsp2.050922-1653)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x7FFAB3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1751" UPTO_BIN_PRODUCT_VERSION="6.0.2800.1751" LINK_DATE="09/23/2005 03:27:29" UPTO_LINK_DATE="09/23/2005 03:27:29" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="561152" CHECKSUM="0xFC954658" BIN_FILE_VERSION="5.1.2600.1634" BIN_PRODUCT_VERSION="5.1.2600.1634" PRODUCT_VERSION="5.1.2600.1634" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.1634 (xpsp2.050301-1526)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x90EFC" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.1634" UPTO_BIN_PRODUCT_VERSION="5.1.2600.1634" LINK_DATE="03/02/2005 18:20:03" UPTO_LINK_DATE="03/02/2005 18:20:03" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="WININET.DLL" SIZE="575488" CHECKSUM="0x2E6DBA7B" BIN_FILE_VERSION="6.0.2800.1525" BIN_PRODUCT_VERSION="6.0.2800.1525" PRODUCT_VERSION="6.00.2800.1525" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2800.1525" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x979E8" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2800.1525" UPTO_BIN_PRODUCT_VERSION="6.0.2800.1525" LINK_DATE="10/21/2005 20:51:33" UPTO_LINK_DATE="10/21/2005 20:51:33" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Hope that is not confusing
and aslo a manifet.txt...
here is the manifest.txt

Server=watson.microsoft.com
UI LCID=1033
Flags=98576
Brand=WINDOWS
TitleName=Generic Host Process for Win32 Services
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
RegSubPath=Microsoft\PCHealth\ErrorReporting\DW
ErrorText=If you were in the middle of something, the information you were working on might be lost.
Stage1URL=
Stage1URL=/StageOne//0_0_0_0/unknown/0_0_0_0/00000000.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=&szAppVer=0.0.0.0&szModName=unknown&szModVer=0.0.0.0&offset=00000000
DataFiles=C:\DOCUME~1\Owner\LOCALS~1\Temp\WER3F.tm p.dir00\svchost.exe.mdmp|C:\DOCUME~1\Owner\LOCALS~ 1\Temp\WER3F.tmp.dir00\appcompat.txt
Heap=C:\DOCUME~1\Owner\LOCALS~1\Temp\WER3F.tmp.dir 00\svchost.exe.hdmp
ErrorSubPath=\0.0.0.0\unknown\0.0.0.0\0000000

I only have service pack 1 installed i do not have service pack2 because i have dialup and it takes for ever to download.....
the link that ritual gave only supports if you have service pack 2

lets see what else....it varys on when the message pops up.....it could 5 minutes to an hour......

my latest hijack is here....also i do have perfectkeylogger installed by choice
"bpk"process.....here is my hijack

Logfile of HijackThis v1.99.1
Scan saved at 10:39:30 AM, on 8/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\BPK\bpk.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ExeFiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Atari icon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bpk] C:\Program Files\BPK\bpk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155510955671
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1360AD4-3779-41EC-A3EB-1C98F12B7E26}: NameServer = 207.69.188.185 207.69.188.186
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

more would welcomed thank you
sheldondsouza
August 15th, 2006, 10:00 AM
Just try this in the mean time Download Crap Cleaner and delete your temporary files. Im still checking the error.

If you want more advice abt hijak log post it here http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
sheldondsouza
August 15th, 2006, 10:03 AM
Since you mentioned you have serice pack one. Try doing a reinstall of IE6, you could also check online and download XP TCP IP REPAIR

http://www.xp-smoker.com/freeware.html
smurfy
August 15th, 2006, 10:10 AM
paul_danzig, I have copied this thread into our Cyber Safety forum
http://www.cybertechhelp.com/forums/showthread.php?t=128167
- please use that forum to get your log analysed by our specialist team (as suggested by Sheldonsouza in his first reply).
This topic now closed.

Thanks